Added a deprecation warning for using verify= instead of options= on decode()

mark-adams · mark-adams · commit 8eb3537d0c62 · 2015-04-12T14:47:37.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 -------------------------------------------------------------------------
 ### Changed
 - Added flexible and complete verification options during decode #131
+- Deprecated usage of the .decode(..., verify=False) parameter
 - Added support for PS256, PS384, and PS512 algorithms. #132
 - Added this CHANGELOG.md file
 
diff --git a/jwt/api.py b/jwt/api.py
@@ -1,5 +1,6 @@
 import binascii
 import json
+import warnings
 
 from calendar import timegm
 from collections import Mapping
@@ -133,6 +134,8 @@ def decode(self, jwt, key='', verify=True, algorithms=None, options=None, **kwar
                                        key, algorithms)
 
             self._validate_claims(payload, options=merged_options, **kwargs)
+        else:
+            warnings.warn("The verify parameter is deprecated. Please use options instead.", DeprecationWarning)
 
         return payload
 
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -1,6 +1,7 @@
 
 import json
 import time
+import warnings
 
 from calendar import timegm
 from datetime import datetime, timedelta
@@ -35,10 +36,18 @@ def utc_timestamp():
 class TestAPI(unittest.TestCase):
 
     def setUp(self):  # noqa
+        self.warnings_context = warnings.catch_warnings(record=True)
+        self.warnings = self.warnings_context.__enter__()
+
+        warnings.simplefilter('always', DeprecationWarning)
+
         self.payload = {'iss': 'jeff', 'exp': utc_timestamp() + 15,
                         'claim': 'insanity'}
         self.jwt = PyJWT()
 
+    def tearDown(self):  # noqa
+        self.warnings_context.__exit__()
+
     def test_register_algorithm_does_not_allow_duplicate_registration(self):
         self.jwt.register_algorithm('AAA', Algorithm())
 
@@ -356,6 +365,18 @@ def test_allow_skip_verification(self):
 
         self.assertEqual(decoded_payload, self.payload)
 
+    def test_verify_false_deprecated(self):
+        example_jwt = (
+            b'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9'
+            b'.eyJoZWxsbyI6ICJ3b3JsZCJ9'
+            b'.tvagLDLoaiJKxOKqpBXSEGy7SYSifZhjntgm9ctpyj8')
+
+        self.assertEqual(len(self.warnings), 0)
+        self.jwt.decode(example_jwt, verify=False)
+
+        self.assertEqual(len(self.warnings), 1)
+        self.assertEqual(self.warnings[-1].category, DeprecationWarning)
+
     def test_load_no_verification(self):
         right_secret = 'foo'
         jwt_message = self.jwt.encode(self.payload, right_secret)
